Posted
by
samzenpus
on Thursday June 02, 2011 @02:15AM
from the ministry-of-pointy-sticks dept.

An anonymous reader writes "The Ministry of Defence says they are working on a range of offensive cyber weapons to increase the country's defensive capabilities. The armed forces minister, Nick Harvey, says, 'The consequences of a well planned, well executed attack against our digital infrastructure could be catastrophic With nuclear or biological weapons, the technical threshold is high. With cyber the finger hovering over the button could be anyone from a state to a student.'"

You've never played any game CnC game?!? Camping out never works in the long run. You need both and more of one at different times. ALSO if people are too scared to hit you, you tend not to need it. Sure the US got hit in 11/9; but all that did what open up a trillion dollar spending frenzy chest to build more ordnance and some rape guys at US airports.

I'm sure there is some point to the wars. I can't see it. but there must be some point.

Believe it or not world politics isn't like command and conquer, camping out does work quite well just ask Switzerland. The way to go would be spending the trillions they do on weapons on improving the world (maybe solving the worlds energy crisis) then no one would want to attack them.

I'm not saying war is great. I'd like the trillions spent on good things too. But spending money on defence is a waste if you cannot stop the offence. There is a waste to keep replacing obsolescence in defence. Best idea would be for people to get along on the space ship earth.
Switzerland isn't camping out. They have nothing to take.

Funny guy and refreshingly open minded. Its not always about resources though Tibet hasn't got much neither does Vietnam or Afghanistan (granted Iraq does); also japan and Osama could never of dreamed of taking America's resources (Osama did get the US to waste alot of them though) yet they were still at war. As for Switzerland you have to admit for a country with nothing to take they are doing pretty well for them selves, and i think that's partly by not wasting there limited resources on offensive wars.

Switzerland camps out because it would last about 15 minutes in a war against any of the bigger militaries in the world regardless on how much they spent on defense. The only thing that would prevent this would be possesion of 1 or 2 nukes or a close friendship with another military dominate country. Sort of like Israel's ultimate fall back plan.

Proper coding? More like not connecting anything that goes bang a lot to the internet. Another good idea is to make sure there's a carbon unit (or more than one) that presses the final button. They're less reliable but tend to fail in the safe direction.

Its the same line they use for http://en.wikipedia.org/wiki/Porton_Down [wikipedia.org]
If the UK wants to master its NBC suit production they "thought experiment" with the best offensive weapons they can dream up.
1. If the UK wants to master digital infrastructure they roll out very expensive Microsoft and watch everybody have a go at hacking it.
2. ?
3. Cyber victory
Its cost saving to have 1 expensive engineer watching a few counties critical infrastructure from a cheap Windows laptop after 5 pm but... if s/he can

"With nuclear or biological weapons, the technical threshold is high. With cyber the finger hovering over the button could be anyone from a state to a student"

What a crock. Any engineering student who couldn't design a fission based nuclear bomb is going to be a terrible engineer. Hell, the guy who has literally "written the book" on the Manhattan Project bombs is a freaking truck driver*. And you have the same with biological weapons. Contrary to what movies show most research into biological weapons wasn't about genetic modification it was simply on how to make the bugs easy to disperse and store. And most of it was done in the 50's and 60's. To combat misuse of both the answer has been to control the key ingredients of isotopes and germs.

With "cyber" weapons it is the opposite. It is impossible to control the key ingredient, and the 'state of the art' has moved far past the stage where individuals are dominant. Even in the criminal world malware is built by teams. The technical threshold is very high and no individual is going to pull off well planned and well executed attack against a nations infrastructure. The "cyber wars" we see now are all done by large teams of hackers. When nations start actively deploying "cyber warfare" units and the like it will further raise the technical bar.

P.S. The fingers actually "hovering over the buttons" of NBC weapons were mostly 18-20 year old kids. The systems you see in movies where the president needs to give a code so nukes can be launched is mostly a crock. The US Strategic Air Command famously set the "permissive action locks" on its nukes to the equivalent of "1111" because it believed the system was too complicated to be relied upon.

I didn't miss the point I disagreed with the terrible attempt at getting the point across.

Also as far as I know no one has hacked modern critical systems with a single computer and free software. All the stuff making news is very sophisticated team efforts. Stuxnet required physically stealing encryption keys IIRC.

The kind of damage a single hacker can cause is probably less then what a single back-hoe operator can do. And foreign network attacks are probably less of a threat then foreign agents working fro

I was expecting an announcement like this ever since the US hacking story broke. Osama is dead and there have not been any terror attacks around here for a few years. Despite the threat level being at "severe" for years people were somehow regaining control of their bowels so something had to be done.

Nick Harvey, says, 'The consequences of a well planned, well executed attack against our digital infrastructure could be catastrophic With nuclear or biological weapons, the technical threshold is high. With cyber the finger hovering over the button could be anyone from a state to a student.'"

Shuuure; The missile is just gonna arm itself, and intangible cyber villains are going to bypass the physical electrical & mechanical safety mechanisms.

Sounds like someone's been watching too much Lawnmower Man. If a team of cyber villains is all it takes to launch/detonate warheads, We'd all be dead by now. Yeah, theoretically you would need a hacker on your nuclear terrorist infiltration team.

I suggest you take a break from the Fear-mongering... Wouldn't you prefer a nice game of chess?

HEY DUMB-ASSES -- Here's a fucking idea -- Instead of running in fear, wasting tax payer dollars on protecting us from cyber triggered nuclear war -- Why don't we just say: "Fuck it! Everyone's got hackers now! -- Game over, we have to disarm all nuclear bombs in case an angsty 4chan goer decides to an hero via nukes."

Think back to the IRA and the long reach of UK signals intelligence, other friendly intelligence services and what lots and lots of cash can do.
In the UK, game over.
In a country on good terms with the UK, game over.
The SAS can cover some areas.
Gangs, cults, home invasion, truck with poor breaks, unexpected medical issues, tax issues, deep political issues, gas leak, sucide, drugs, porn ect...

The idea of "Cyber Weapons" is a deliberately wrong paradigm whose only purpose is to wring money out of national defense agencies. A cyber attack is nothing more than an idea. If you know something about computer security which the other guy doesn't, you can attack him with it. But as soon as he (or his operating system or antivirus vendor) knows it too, you've got nothing.

This is completely unlike a weapon. An AK-47 is still deadly even if your opponent knows what an assault rifle is, but an unpatched SQL injection vulnerability is useless the moment your opponent learns about it.

The idea of "Cyber Weapons" is a deliberately wrong paradigm whose only purpose is to wring money out of national defense agencies. A cyber attack is nothing more than an idea. If you know something about computer security which the other guy doesn't, you can attack him with it. But as soon as he (or his operating system or antivirus vendor) knows it too, you've got nothing.

This is completely unlike a weapon. An AK-47 is still deadly even if your opponent knows what an assault rifle is, but an unpatched SQL injection vulnerability is useless the moment your opponent learns about it.

While I agree with you that this (like any other public security scare) will be used to wring out monies (private and public monies alike), I do not think that the distinction you outline exists in such a clear way: a security vulnerability has weapon-alike properties too.

A security hole is like a landmine not discovered yet: destructive if you do not know about it and you walk straight over it, but pretty harmless if a red flag shows where it is.

the whole internet has for decades been dealing with attacks on a scale which would make any one governments "cyberwarfare" division look like a pack of boyscouts throwing stones.

The internet is anything but a monoculture, there's thousands of different systems running different software all in their own little firewalled communities with the serious stuff behind DMZ's and multiple firewalls or on encrypted private networks.

You're right that information is power even in conventional warfare, but I worry that calling them "cyber weapons" will totally mislead the people making policy decisions. If you're a government official funding conventional weapons, you fork over your $1 billion and you get a weapon system. 5 years later, when the shit hits the fan, you can pull it out of the arsenal and hurt people with it. Even 20 years later, it still does the job pretty well.

But if you buy $1 billion in "cyber weapons", five years later -- even six months later -- you've got absolutely nothing.

Depends on the quality of those 'cyber weapons'.

If they are of Stuxnet's quality then they can be very efficient and very deniable as well. Think of a weapon doing damage to Iran equivalent to the economic and military damage done by a dozen modern plutonium warheads and 2 years down the line they are still not able to pinpoint the attackers and prove that it was an act of war?

What kind of shelf time did Stuxnet have? Some of the zero-day Windows exploits it used were years old.

Oh, also, the "weapon" paradigm totally misrepresents the asymmetry of offense vs defense. In your tank vs ak-47 example, yes, if you know about an AK-47, you can defend against it. But to defend against it you need a tank -- to negate a thousand-dollar threat you need a million-dollar defense. Your land mine analogy works the same: it's far more expensive and hazardous to clear a minefield than it is to deploy it.

But for cyber weapons, an attack that cost millions to research can be negated for pennies

Oh, also, the "weapon" paradigm totally misrepresents the asymmetry of offense vs defense. In your tank vs ak-47 example, yes, if you know about an AK-47, you can defend against it. But to defend against it you need a tank -- to negate a thousand-dollar threat you need a million-dollar defense. Your land mine analogy works the same: it's far more expensive and hazardous to clear a minefield than it is to deploy it.

But for cyber weapons, an attack that cost millions to research can be negated for pennies by typing "mysql_real_escape_string()" in the right place.

While the assymetry is there (did you really expect 'weapons of information' to be 100% equivalent to physical weapons?) you do not need a million dollar defense against a known $1000 AK47 position: you only need a $100 mortar, or a well placed $10 bullet or a $1 knife.

With the tank example I wanted to highlight how deadly damage the right kind of information can inflict, even against million dollar defenses. The tank gunner will still be dead after the incident even though we know it very well that had h

The US can profit it from the 'networked' world in a few ways. Selling it, rolling it out, maintaining it, protecting it and the longterm backdoor.
Why and how the UK did not see this points to a political deal- you dont say no to the USA.

they are working on a range of offensive cyber weapons to increase the country's defensive capabilities

This kind of thinking shows the plan is doomed to failure before a single module of american software has been bought (at hyper-inflated prices) - which is the standard british technique for <strike> doing what the americans tell them to </strike> implementing a defence strategy.

While that might (although since it was impossible to test, we'll never really know) have been a successful strategy for nuclear war - when there were only 2 sides and therefore no uncertainty who the "enemy" was, it

"Cyber-Space," said General Jonathan Shaw, pronouncing the hyphen between the words, "represents conflict without borders. But we can use the finest of British technical pluck to fight off Johnny Cyberforeigner!"

"We need a toolbox of capabilities," said armed forces minister Nick Harvey."For instance, we have a truckload of old Psion EPOCs, whi